--
[CVE = Common Vulnerabilities and Exposures]
Another Second Tuesday of the month... Another Adobe Flash and Adobe AIR patch marathon!
This time we're up to Adobe Flash v18.0.0.232 and Adobe AIR v18.0.0.199, patching 35 (thirty-five) CVE security flaws.
Where to download the updates
https://get.adobe.com/flashplayer/
https://get.adobe.com/air/
The new Adobe Flash (and AIR) Security Bulletin
https://helpx.adobe.com/security/products/flash-player/apsb15-19.html
Details from the new Adobe Flash (and AIR) Security Bulletin, with added links to available CVE data!
Vulnerability Details(Note: CVEs not linked above did not have available data at Mitre.org at the time of this posting).
These updates resolve type confusion vulnerabilities that could lead to code execution (CVE-2015-5128, CVE-2015-5554, CVE-2015-5555, CVE-2015-5558, CVE-2015-5562).
These updates include further hardening to a mitigation introduced in version 18.0.0.209 to defend against vector length corruptions (CVE-2015-5125).
These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2015-5550, CVE-2015-5551, CVE-2015-3107, CVE-2015-5556, CVE-2015-5130, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5557, CVE-2015-5559, CVE-2015-5127, CVE-2015-5563, CVE-2015-5561, CVE-2015-5124, CVE-2015-5564).
These updates resolve heap buffer overflow vulnerabilities that could lead to code execution (CVE-2015-5129, CVE-2015-5541).
These updates resolve buffer overflow vulnerabilities that could lead to code execution (CVE-2015-5131, CVE-2015-5132, CVE-2015-5133).
These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2015-5544, CVE-2015-5545, CVE-2015-5546, CVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5552, CVE-2015-5553).
These updates resolve an integer overflow vulnerability that could lead to code execution (CVE-2015-5560).
No new zero-day Flash/AIR exploits have been reported at this time. However, Adobe considers these updates to be CRITICAL. Therefore, it is advised to update ASAP.
--
No comments:
Post a Comment